iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2140 CREDAT:145409
2232
powershell.exe "powershell" Get-MpPreference -verbose
2504
cmd.exe "cmd.exe" /c schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
2780
schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
2828
cmd.exe "cmd.exe" /c schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
2876
schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
2920
schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
2856
powershell.exe "powershell" Get-MpPreference -verbose
2568
RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
840
pixelguy.exe "C:\Users\test22\AppData\Local\Temp\1000006001\pixelguy.exe"
2740
YT.exe "C:\Users\test22\AppData\Local\Temp\1000007001\YT.exe"
2760
RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
3064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
2832
macheri.exe "C:\Users\test22\AppData\Local\Temp\1000010001\macheri.exe"
2720
bakhtiar.exe "C:\Users\test22\AppData\Local\Temp\1000011001\bakhtiar.exe"
1840
BroomSetup.exe C:\Users\test22\AppData\Local\Temp\BroomSetup.exe
2264
nsl6E4E.tmp C:\Users\test22\AppData\Local\Temp\nsl6E4E.tmp
3036
31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
1176
tesaea.exe "C:\Users\test22\AppData\Local\Temp\tesaea.exe"
2320
flesh.exe "C:\Users\test22\AppData\Local\Temp\1000018001\flesh.exe"
2328
explorer.exe C:\Windows\Explorer.EXE
1236